Enabling Technologies for Wireless E-Business phần 3 pps

4.2 include wireless application environment WAE, wireless session protocol WSP, wireless transaction protocol WTP,industry standard protocol and the transport layer security TLS protoco

3.4.3 WWAN Security Infrastructure

This section talks about the most used GSM communication system and the rent most popular 3G systems There are many standards for the 3G systems, but

cur-we pick Universal Mobile Telecommunications System (UMTS) for its bility with GSM, to better demonstrate how the server assisted security mecha-nism operates

compati-The Security Architecture

WWAN covers a very broad service area in a hierarchical structure consisting of many Visited Location Registers (VLRs) With such vast amount of VLRs, their computation and storage ability are naturally limited by cost, causing it infeasible

to store all the subscriber data, and a more powerful centralized server is called for, which is HLR/AuC (Home Location Register/ Authentication Center)

Fig 3.16 shows the GSM communication infrastructure and, in general, theAuC would be attached to a HLR in a secure environment

The Authentication Center (AuC) securely stores the secret keys of all scribers for later user authentication purposes Other personal information not in-uvolved with authentication is stored on the HLR Besides, it is assume that there is

sub-a secure chsub-annel between HLR/AuC sub-and the visited network for delivering tive information, such as user authentication information for assisting visited net-work providers in authenticating the user

sensi-The VLR, which is the visited network providers, authenticates the user based

on the information obtained from HLR/AuC It is no doubt that HLR/AuC is thekey to successfully authenticate both the MS and the VLR The authenticating ca-pability of the HLR/AuC comes from the key shared with MS Based on the knowledge of this key, the corresponding authenticator can be derived to convince

Fig 3.16 GSM communication infrastructure

GSM Authentication

Fig 3.17 illustrates the GSM authentication process The challenge/response rity mechanism is used for authentication in the GSM Because the HLR/AuC shares a secret key Ki with the MS, the HLR/AuC can retrieve the MS’s secret key

secu-Ki and generate a random number RAND to help the VLR verify the MS locally when the MS is checking in the visited network

to the VLR that the MS is the alleged one This way, the user is approved toaccess the resources within visited network without obstacle

Below shows the associated procedure.

1 Apply the secret key Ki and the random RAND to the A3 algorithm to

2 Apply the secret key Ki and the random RAND to the A8 algorithm to compute KC= A8(Ki, RAND), where the A8 is also an algorithm known between the HLR/AuC and the MS

to secure the communication between the MS and VLR, a session key K can alsocompute XRES = A3(Ki, RAND), where the A3 is an algorithm known between the HLR/AuC and the MS

be derived and verified in the authentication process After that, the transmitted message can be encrypted and decrypted by A5 with the session key KC Because

of the secrecy of the session key, the confidentiality between MS and VLR can beguaranteed

2 Attacks on the algorithm A3/8: In April 1998, Wagner and Goldberg cessfully cracked COMP-128 which made use of A3/8 With around 160,000 chosen plaintext attack attempts launched, Ki could be compro-tmised

suc-Attacks on the algorithm A5/1: A5/1 has also been found to contain a ness Biryukov and Shamir [3.38] devised the method of “time-memory trade-off”, which exploits connections between algorithm state and key stream sequence

weak-to derive Kc

UMTS Authentication

Third generation (3G) mobile phones are characterised by higher rates of data transmission and a richer range of services and Universal Mobile Telecommunica-tions System (UMTS) is one of the new 3G systems An important characteristic

of UMTS is that the new radio access network is connected to an evolution of the GSM core network

The principles of UMTS security are, therefore, build on the security of GSM

by adopting the security features from GSM that have proved to be needed and that are robust, and correcting the problems with GSM by addressing securityweaknesses [3.35, 3.38]

The new security features for UMTS, not addressed in GSM, are listed asfollows

1 Provide mutual authentication and integrity protection of critical signallingprocedures to give greater protection against false base station attacks.2

3 Encryption terminates at the radio network controller

assisted security model Therefore, HLR/AuC is responsible for overseeing

in-with independent MS For a specific security service the pre-shared master key isused in accompanying with a dedicated algorithm, to generate a corresponding service key Because only MS and HLR/AuC holds the master key, only they will

be able to generate the service keys, and since HLR/AuC will subsequently stow the possession of the service keys to the VLR, VLR and MS will be able tolocally authenticate each other to initiate the services

be-3.5 Summary

In this chapter, we outlined various practical solutions that can be used to come those intrinsic restrictions that are inherent in the mobile devices and thewireless environment to realize the many security requirements We discussed the wireless equivalent of public key cryptosystem; the use of WPKI certificate to re-solve verification of public key’s ownership Furthermore, we introduced ellipticcurve cryptography, an alternate approach to conventional public key cryptogra-phy, which is suitable for applications under resource-constrained conditions Despite so, several practical issues concerning ECC still remain to be resolved

over-For instance, finding an efficiently way to determine an appropriate base point G

and a suitable elliptic curve is still undergoing more research And ever sinceKoblitz demonstrated, in the 2001 EuroCrypto, the effectiveness of the Weil Par-ing property on the Super Singular Elliptic Curve for handling authentication problems, a dilemma between choosing the more secure Non-Singular Elliptic Curve or the relatively less secure but offering the Paring property Super Singular ffElliptic Curve, has emerged

Finally, due to the mobility characteristics, mobile devices will invariably faceauthentication difficulties when entering a foreign visited network With the help

of the server, much of the authentication complication can be relieved

Additionally, if we want to enjoy the advantages of a broader coverage area and dbetter mobility transmission performance from both WWAN and WLAN, the in-teroperability among these two heterogeneous networks must be solved Within the sever-assisted model, the role of a server is the answer to this problem Of course, the vulnerabilities inherited from the underlying environments must bealso carefully evaluated to facilitate the possible solution

For the time being, the topic of mobile security while not obstructing the tical demand of efficiency will remain as an area of active research for many years

prac-to come

dividual’s security requirements: mutual authentication, integrity, and mity The way to accomplish this goal is through guarding of a master key shared

anony-All the communication networks discussed in this section used various levels

of server assistance with the common goal of achieving the different securitymechanisms

5 Internet X.509 Public Key Infrastructure Certificate and CRL Profile,

6 WPKI, Wireless Public Key Infrastructure Definition, WAP Forum, 24 April 2001

7 Internet X.509 Public Key Infrastructure Certificate and CRL Profile,

8 Internet X.509 Public Key Infrastructure – On-line Certificate Status col - OCSP, IETF RFC 2560, M Myers, R Ankney, A Malpani,

Proto-S Galperin, and C Adams, June 1999

9 N Koblitz (1987) Elliptic Curve Cryptosystem, Mathematics of tion, 48, 203-209

Computa-10 W Diffie and M E Hellmn (1976) New Directions in Cryptography, IEEE Transactions on Information Theory V IT-22, n.6, pp 644-654

11 B Dodson and A Lenstra (1995) NFS with four large primes: an explosiveexperiment, Advances in Cryptology-CRYPTO’95.’’

12 A.M Odlyzko (1995) The future of integer factorization, CryptoBytes, l(2)

13 IEEE P1363, Standard Specifications for Public Key Cryptography, ballot draft, 1999 Drafts available at http://grouper.ieee.org/groups/1363/

17 National Institute of Standards and Technology, Digital Signature Standard,FIPS Publication 186-2, February 2000 Available at http://cstc.nist.gov/fips

18 WAP Wireless Transport Layer Security Specification, WAP Forum, 5 vember 1999

No-19 P.L Montgomery (1985) Modular Multiplication without trial division, Mathematics of Computation, 44, pp 519-521

R Housley, et al., January 1999

R Housley, et al., January 1999

20 Menezes, T Okamoto and S Vanstone (1993) Reducing elliptic curve rithms to logarithms in a finite field, IEEE Transactions on Information Theory, 39, pp 1639-1646

loga-21 Semaev (1998) Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic p, Mathematics of Computation,

dis-24 D Shanks (1971) Class number, a theory of factorization and genera In

1969 Number Theory Institute (Proc Sympos Pure Math., Vol XX, State Univ New York, Stony Brook, Ny 1969), pp 415-440 Amer Math Soc.,Providence, RI

25 Certicom ECC Challenge, November 1997, http://www.certicom.com

26 Tom Karygiannis and Les Owens (2002) Wireless Network Security:802.11, Bluetooth and Handheld Devices, NIST Special Publication 800-

48

27 IEEE P802.11i/D10.0 (2004) Medium Access Control (MAC) Security hancements, Amendment 6 to IEEE Standard for Information technology – Telecommunications and information exchange between systems – Localand metropolitan area networks – Specific requirements – Part 11: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications

En-28 L Blunk and J Vollbrecht (1998) PPP Extensible Authentication Protocol (EAP), IETF RFC 2284

29 Wireless LAN Security White Paper, Cisco Systems, http://www.cisco.com/warp/public/cc/pd/witc/ao1200ap/prodlit/wswpf_wp.pdf

30 H Andersson, S Josefsson, G Zorn, D Simon, and A Palekar (2002) Pro-Ztected EAP Protocol (PEAP), IETF

31 B Aboba and D Simon (1999) PPP EAP TLS Authentication Protocol, IETF RFC 2716

32 C He and J.C Mitchell (2004) Analysis of the 802.11i 4-Way Handshake, Proceedings of the 2004 ACM workshop on Wireless security, pp 43-50

33 C He and J.C Mitchell, Security Analysis and Improvements for IEEE 802.11i,

1107.pdf, 2005

http://www.isoc.org/isoc/conferences/ndss/05/proceedings/papers/NDSS05-34 Dictionary Attack on Cisco LEAP Vulnerability, Reversion 2.1, Cisco tems, http://www.cisco.com/warp/public/707/cisco-srr n-20030802-leap.pdf

Sys-35 P.S Pagliusi (2002) A Contemporary Foreword on GSM Security, ings of the International Conference on Infrastructure Security, LNCS No

Proceed-2437, pp 129-144, Springer-Verlag

36 K Boman, G Horn, P Howard and V Niemi (2002) UMTS Security, tronics & Communication Engineering Journal, 14(5), pp 191-204.

Elec-37 G.M Koien (2004) An Introduction to Access Security in UMTS, IEEEWireless Communication, 11(1), pp 8-18

38 Biryukov, A Shamir, and D Wagner (2002) Real Time Cryptanalysis of A5/1 on a PC, in FSE 2000, LNCS No 1978, Sp

en-In this chapter, a detailed introduction to WAP is presented, including the cation environment and various protocols The security aspect in the present Inter-net environment is dealt with in Sect 4.3

appli-4.2 Wireless Application Protocol

4.2.1 Overview

The WAP standards consist of a variety of architecture components, including an ttapplication environment, scripting and markup languages, network protocols, andsecurity features These components and features together define how wireless data handsets communicate over the wireless network, and how content and ser-vices are delivered With the WAP standards, a wireless data handset can establish

a connection to a WAP-compliant wireless infrastructure, request and receive the content and services, and present them to the end user This WAP-compliant wire-less infrastructure may include the handset, the server side infrastructure, such asthe proxy server (WAP gateway), the Web server, the application server, and the network operator (telecommunication company) The WAP architecture is shown

in Fig 4.1

The WAP architecture can also be presented through the WAP protocol stack shown in Fig 4.2 The WAP protocol stack covers the complete picture from

Fig 4.2 The WAP protocol stack

bearers to applications The bearers are the various wireless networks that WAPcurrently supports The transport layer is an interface common to the underlying wireless network, and it provides a constant service to the upper layers in theWAP stack, such that the bearer services are transparent to the upper layers In other words, with the transport layer, the specific network characteristics can be masked The security layer provides security for the transport layer, based on the

thin clients The session layer provides the application layer with the capability to select connection-oriented or connectionless services The application layer dealswith a general-purpose environment for applications

The WAP protocols in Fig 4.2 include wireless application environment (WAE), wireless session protocol (WSP), wireless transaction protocol (WTP),industry standard protocol and the transport layer security (TLS) protocol The tran-saction layer provides a lightweight transaction-oriented protocol for mobile

wireless transport layer security (WTLS), and wireless datagram protocol (WDP).

In Sects 4.2.2–4.2.6, we discuss these protocols with special focus on WAE

4.2.2 Wireless Application Environment

WAE consists of a set of standards that collectively define a group of formats for wireless applications and downloadable content WAE specifies an application framework for wireless devices, such as cellular phones, pagers, and PDAs WAEhas two logical layers, namely, user-agent layer and format-and-service layer The components of the user-agent layer include browsers, phone books, message edi-tors, and other items on the user device side, such as wireless telephony application (WTA) agent The components of the format-and-service layer include commonelements and formats accessible to the user agents, such as WML, WMLScript,and WAP binary XML content format (WBXML)

A WAP microbrowser has the following capabilities:

• Submission of requests to the server

• Reception of responses from the server

• Conversion of and parse the data

• Interpretation from WML and WMLScript files

• Ability to interact with the appropriate WAP layer

• Local cache and variable management

• Wireless session protocol processing

• Effective management of local hardware resources, such as RAM, ROM, small screen, and input and output

Wireless Markup Language

Wireless markup language (WML) is a language based on the extensible markup language (XML) WML is optimized for small screens and limited memory capac-ity, and for content intended for lightweight, wireless devices such as mobilettphones and personal digital assistants (PDAs)

A WML document is called deck A page of a WML document is called card

A deck consists of one or more cards Each deck is identified by an individualURL address, similar to an HTML page A WML deck requires a browser that will format the deck for the benefit of the user The browser determines the finalshape of the deck Sometimes, people use the analogy of HTML to explain WML

In the analogy, a WML deck corresponds to an HTML page However, there are differences between a WML deck and an HTML page While each HTML file is asingle viewable page, a WML deck may contain multiple cards, each of which is a separate viewable entity WML files are stored as static text files on a server Dur-ing the transmission from the server to the browser, the WML files are encoded in binary format by the wireless connection gateway and then sent to the browser This is also different from HTML, where there is no need for such an encoding process

WML contains commands for navigation in decks Each WML command hastwo core attributes, namely, id and class The id is the attribute for an individual name to the elements inside a deck, while the class is the attribute that links the element to one or several groups A WML deck, at its most basic level, is con-structed from a set of elements Elements are identified by tags, which are en-closed in angular brackets Each element must include a start tag (<el_tag>) and

an end tag (</el_tag>) The content is included between the start and end tags An empty element that has no content can be abbreviated by a single tag (<el_tag/>).yBecause WML is based on the XML language, a WML document must follow the XML rule to contain the XML-specified document type definition (DTD) at the beginning of the WML code, which is referred to as deck header or document prolog, as follows:

<wml>⋅⋅⋅</wml> commands summarize the deck The <card>⋅⋅⋅</card> mands summarize the text, images, input fields, and any other objects of a card in the deck

com-Cards are the basic units of WML, defining an interaction between a mobiledevice and the user Each card may contain three different groups of elements: content elements (such as text, tables, and images), tasks and events (such as

<onevent>, <timer>, and <do>), and data entry (such as <input> and <select>)

WMLScript

WMLScript is a simple scripting language based on ECMAScript (ECMA-262 standard) with modifications to better support low-bandwidth communication and thin clients WMLScript is part of the WAP application layer.t

WMLScript complements the WML by adding simple formatting capabilities tomake the user interfaces more readable, for example, the capabilities of checkingthe validity of user input and generating messages and dialog locally to reduce theneed for expensive round-trip to show alerts These capabilities are not supported

by WML as the content of WML is static WMLScript provides programmable functionality that can be used over narrowband communication links in clients mwith limited capabilities With WMLScript, more advanced user interface func-tions can be supported and intelligence can be added to the client WMLScript also provides access to the device and its peripheral functionality, and reduces the amount of bandwidth that is needed for sending data back and forth between the server and the client

WMLScript is similar to JavaScript For example, WMLScript includes a ber of operators such as assignment and arithmetic operators, which are similar to those in JavaScript However, there are major differences between WMLScript and JavaScript First, WML contains references to the URL address of a

num-WMLScript function, whereas JavaScript functions are normally embedded in theHTML code Second, WMLScript must be compiled into binary WMLScript codeprior to its execution in a WAP device, while there is no such requirement for JavaScript.

Although WMLScript is based on ECMAScript as mentioned earlier, there are differences between WMLScript and ECMAScript First, like JavaScript, ECMAScript is not encoded in a binary form while WMLScript has to be Second,

to form WMLScript, many advanced features of the ECMAScript language havettbeen dropped to make WMLScript smaller and easier to compile into binary WMLScript code

WMLScript syntactically resembles C language It has basic types, variables, expressions, and statements Unlike C, WMLScript cannot be used to writestand-alone applications There is no built-in support for reading and writingrfiles Because it is an interpreted language, scripts or functions can run only in theffpresence of an interpreter, which is supplied as part of the WAP user agent WMLScript is a weakly typed and object-based language, in which variables must

be declared before they can be used in expression In WMLScript, there is no mainprogram or routine Functions are created to perform specific tasks and they areinvoked through a WML call When a WMLScript function is invoked, the WAPgateway accesses the source code, compiles it into binary WMLScript code, and then sends the execution function to the WAP user agent WMLScript code iswritten in normal text files with the file extension “wmls.”

Each WMLScript file contains at least one function Each function is composed t

of statements that perform the appropriate processing The structure of a WMLScript function is as follows:

extern function function_xyz (parameter list)

{// start of the statements

statement_1;

statement_2;

statement_n;

}// end of the statements

With this structure and the file extension “xmls,” a simple WMLScript example

to set a day of the week, which is included in the file named “setday.xmls,” islisted as follows:

extern function SetDay(givenDay)

To invoke a WMLScript function, a reference to the WMLScript function must

be included in a WML document The call will be routed from the WAP browser

through the WAP gateway to the server The server then sends the binary WMLScript code to the WAP browser The WAP browser has an interpreter, which is able to execute WMLScript programs in their binary format Using our example, the reference to the WMLScript can be as simple as follows:

<do type=“ACCEPT” label=“Set Day”>

<! Calling the WMLScript function: >

<go href=“setday.xmls#SetDay($(givenDay))”/>

</do>

Wireless Telephony Application Interface and Wireless Telephony Applications d

One of the major mobile services is voice How can we set up a call or receive anincoming call using a WAP-enabled mobile device? This is the problem that wire-less telephony application interface (WTAI) addresses WTAI is designed to allow wireless network operators access the telephony features of WAP device Through either a WML deck/card or WMLScript, using the WTAI function libraries, amobile phone call can be set up and an incoming call can be received In addition, text messages can be sent or received, and phonebook entries can be manipulated

on the WAP device

Wireless telephony application (WTA) is a collection of telephony-specific tensions for call and feature control mechanisms that make advanced mobile net-work services available to the mobile users It provides a bridge between wireless telephony and data The WTA applications can use the privileged WTAI

ex-From the architecture point of view, a WTA server communicates with the WAP gateway to deliver and manage telephony services; on the client side, there

is a WTA framework, which has three components as follows:

1 User agent This agent supports the WTAI libraries, renders WML, and

executes WMLScripts

2 Repository It provides persistent client-side storage for wireless telephony

applications

3 Event handling This deals with incoming-call and call-connected events to

be delivered to a wireless telephony application for processing, which may also invoke WMLScript library interfaces to initiate and control telephony operations

Wireless telephony supports in WAP make WAP suitable for creating mobile applications through voice services The compact form, encryption, and error hand-tling capabilities of WAP enable critical wireless payment transactions

WBXML

WAP binary XML content format (WBXML) is defined in the binary XML tent format specification in the WAP standard set This format is a compact binary representation of the XML The main purpose is to reduce the transmission size of XML documents on narrowband communication channels

con-A binary XML document is composed of a sequence of elements and each ele-mment may have zero or more attributes The element structure of XML is pre-served while the format encodes the parsed physical form of an XML document

This allows user agents to skip elements and data that are not understood In terms

of encoding, a tokenized structure is used to encode an XML document The work byte order is big-endian, that is, the most significant byte is transmitted first.Within a byte, bit-order is also big-endian, namely, the most significant bit first

net-4.2.3 Wireless Session Protocol

WSP is a protocol family in the WAP architecture, which provides the WAP plication layer with a consistent interface for session services WSP establishes a session between the client and the WAP gateway to provide content transfer: theclient makes a request, and then the server answers with a reply through the WAP gateway WSP supports the efficient operation of a WAP microbrowser running

ap-on the client device with limited capacity and communicating over a bandwidth wireless network The WSP browsing applications are based on the HTTP 1.1 standard, and incorporated with additional features that are not included

low-in the HTTP protocol, for example, the connection to the server will not be lost when a mobile user is moving, resulting in a change from one base station toanother The other additional features that WSP supports include: ff

• Binary encoding Given the low bandwidth of the wireless network, the

efficient binary encoding of the content to be transferred is necessary for mobile Internet applications

• Data push functionality Data push functionality is not supported in the

HTTP protocol A push is what is performed when a WSP server transfersthe data to a mobile client without a preceding request from the client.WSP supports three push mechanisms for data transfer, namely, a con-firmed data push within an existing session context, a non-confirmed data push within an existing session context, and a nonconfirmed data push without an existing session context

• Capability negotiation: Mobile clients and servers can negotiate various

parameters for the session establishments, for example, maximum standing requests and protocol options

out-• Session suspend/resume It allows a mobile user to switch off and on the

mobile device and to continue operation at the exact point where the device was switched off

WSP offers two different services, namely, the connection-oriented service and the connectionless service The connection-oriented service has the full capabili-ties of WSP It operates on top of the wireless transaction protocol (WTP), sup-ports session establishment, method invocation, push messages, suspend, resumeand session termination The connectionless service is suitable for those situations where high reliability is not required, or the overhead of session establishment and rrelease can be avoided It supports only basic request-reply and push, and does not rely on WTP

4.2.4 Wireless Transaction Protocol

The wireless transaction protocol operates on top of a secure or insecure datagram service WTP introduces the notion of a transaction that is defined as a request with its response This transaction model is well suited for Web content requestsand responses It does not handle stream-based applications (such as telnet) well.WTP is responsible for delivering the improved reliability over datagram ser-vice between the mobile device and the server by transmitting acknowledge mes-sages to confirm the receipt of data and by retransmitting data that have not been acknowledged within a suitable timeout period WTP supports an abort function through a primitive error handling If an error occurs, such as the connection beingbroken down, the transaction is aborted

WTP is message oriented and it provides three different types of transaction services, namely, unreliable one-way, reliable one-way, and reliable two-way The transaction type is set by the initiator and is contained in the service request mes-sage sent to the responder The unreliable one-way transactions are stateless and cannot be aborted The responder does not acknowledge the message from the ini-tiator The reliable one-way transactions provide a reliable datagram service that enables the applications to provide reliable push service The reliable two-way transactions provide the reliable request/response transaction services

4.2.5 Wireless Transport Layer Security

The wireless transport layer security (WTLS) protocol is a security protocol based

on the transport layer security protocol (TLS) [10] (see Sect 4.5) TLS is a deriva- l tive of the secure sockets layer (SSL), a widely used security r protocol for Internet applications and payment over the Internet WTLS has been optimized for thewireless communication environment It operates above the transport protocol layer

WTLS is flexible due to its modular design Depending on the required security level, we can decide whether WTLS is to be used or not WTLS provides data integrity, data confidentiality, authentication, and denial-of-service protection Data integrity is to ensure that data sent between a mobile station and a wireless application server are unchanged and uncorrupted Data confidentiality is to en-sure that data transmitted between the mobile station and the wireless application server are private to the sender and the receiver, and one not going to be under-stood by any hackers Authentication is to check the identity of the mobile station and the wireless application server Denial-of-service protection is to prevent the upper protocol layers from the denial-of-service attacks by detecting and rejectingdata that are replayed or not successfully verified

4.2.6 Wireless Datagram Protocol

The wireless datagram protocol (WDP) in the WAP architecture specifies how dif-nferent existing bearer services should be used to provide a consistent service to the dupper layers WDP is used to hide the differences among the underlying bearer networks WDP layer operates above the bearer services and provides a consistent interface to the WTLS layer

Different bearers have different characteristics The bearer services includeshort message, circuit-switched data, and packet data services Since WAP is de-signed to operate over the bearer services, and since the bearers offer different types of quality of service with respect to throughput, error rate, and delays, the WDP is designed to adapt the transport layer to specific features of the underlying bearers The adaptation results in a family of protocols in the WDP layer, dealingwith each supported bearer network protocol When a message is transmitted through WAP stack, depending on the underlying bearer network, a different WDP protocol may be used For example, for an IP bearer, the user datagram pro-tocol (UDP) must be adopted as the WDP protocol, and for a short message ser-vice (SMS) bearer, the use of the source and destination port numbers becomes mandatory

4.2.7 Gateway

Fig 4.3 WAP gateway

A WAP gateway (shown in Fig 4.3) is a proxy server that sits between the mobile network and the Internet The purpose of this proxy server is to translate betweenHTTP and WSP The reason for the translation is that the Web server connected tothe Internet understands only the HTTP protocol, while the WAP-enabled mobileclient understands only the WSP The WAP gateway also converts an HTML fileinto a WML document that is designed for small-screen devices In addition, the WAP gateway compiles the WML page into binary WML, which is more suitable for the mobile client The WAP gateway is transparent to both the mobile clientand the Web server

Fig 4.4 shows the WAP model using the WAP gateway How the WAP way processes a typical request for a document can be illustrated as follows:

gate-.

WAP Gateway

WML EncoderWMLScriptCompilerProtocol Adapters

Content

Fig 4.4 WAP model

1 The mobile user makes a request for a specific document using the WAPphone

2 The WAE user agent on the WAP phone encodes the request and sends it

to the WAP gateway

3 The WAP gateway decodes and parses the encoded request

4 The WAP gateway sends an HTTP request for the document

5 The Web server answers with a response to the WAP gateway

6 The WAP gateway parses and encodes the response

7 If the content type is WML, then the gateway compiles it into binary WML

8 The WAP gateway sends the encoded response to the WAP phone

9 The WAE user agent on the WAP phone interprets and presents the ment to the mobile user

docu-4.3 Wireless Application Security

Wireless application security is becoming increasingly important as based mobile commerce applications (such as mobile payment, banking, and buying stock via cellular phones or other handheld devices) take off

transaction-The basic security needs for mobile commerce are similar to those for tronic commerce over the wired Internet, such as authentication, confidentiality, nonrepudiation, and data integrity However, implementing them in the wireless world is more difficult than in the wired world This is simply because of the limi-tations that wireless have, including limited bandwidth, high latency, and unstable connections In addition, the limited battery and processing power that thewireless devices have also make the sophisticated security algorithms difficult to run on these devices

elec-As discussed in Sect 4.2, WAP specifies an SSL-like security protocol,namely, wireless transport layer security (WTLS) However, there are some draw-backs in WTLS First, WTLS provides only security protection from the mobile

.

client to the WAP gateway where the wireless communication ends In the wired Internet environment, when a Web client (Web browser) starts an SSL session with Web server, the Web client and Web server are communicated directly, and the end-to-end security protection is provided through the SSL session This means that when one sends a credit card number over SSL, only the receiving Web server will be able to receive it The situation is different in the WTLS Thecredit card number will be securely protected between the mobile device and the WAP gateway It will be in the clear form at the WAP gateway Then, an SSL ses-sion will be established between the WAP gateway and the Web server for se-curely transmitting the credit card number over the Internet This means that there

is no end-to-end security protection for the wireless transactions since there is a potential security hole in the WAP gateway Second, the CCITT X509 certificate

is too large for the mobile phones, and the limitations of the processing power and fbattery for the wireless devices make it difficult to perform the sophisticated computation of the public-key encryption In summary, WAP security has twoissues: (1) there is no end-to-end security protection and (2) there is a lack of certificates for mobile devices

Research is being done on these two security issues As a result, simplified tificates have been defined for mobile devices The research on how to use currently available mobile devices to perform the computation of public-key encryption is on-going For example, elliptic curve cryptography (ECC) requires far fewer resources yand it looks very promising for wide deployment to CPU-starved wireless devices

4.5 Appendix

4.5.1 Overview of the Transport Layer Security

The transport layer security (TLS) [10] is a protocol that provides privacy and data integrity between two communicating applications The TLS is application protocol

independent, that is, higher-level protocols can layer on top of the TLS protocol transparently The TLS protocol is composed of two layers:

1 TLS record protocol This protocol provides connection security and is

used for encapsulation of various higher-level protocols, such as the TLShandshake protocol discussed here It has the following two basic proper-ties

o The connection is private Data encryption is used for ensuring the

communication privacy and is based on symmetric cryptographicalgorithms, such as DES or RC4 The keys for symmetric encryption are generated uniquely for each connection and are based on a secret negotiated by another protocol (e.g., the TLS handshake protocol) The record protocol can also be used without encryption

o The connection is reliable A message integrity check based on a

keyed MAC is used for protecting message transport Secure hashfunctions, such as SHA and MD5, are used for MAC computations

In such cases, another protocol uses the record protocol and ates security parameters, and the record protocol can operate without

negoti-a MAC

2 TLS handshake protocol This protocol allows the server and client to

au-thenticate each other, and negotiate an encryption algorithm and graphic keys It has the following three basic properties

crypto-o The authentication between the server and client can be based on a public-key cryptographic algorithm, such as RSA or DSS Althoughthe authentication can be mutual, the mutual authentication is op-tional Generally speaking, one-way authentication is required

o It is secure for the negotiation of a shared secret between the server and client

o The negotiation is reliable

Because the TSL is a derivative of SSL, the actual handshake exchanges aresimilar to that of SSL Description of the main SSL exchanges can be found later

in this book

Acknowledgments

This work is supported in part by NSFC grant 90304008 from the Nature Science Foundation of China and the Doctoral Program Foundation grant 2004071001from the Ministry of Education of China

References

1 WAP http://www.ini.cmu.edu/netbil

2 Wireless Application Protocol Forum Ltd (1999) Official Wireless tion Protocol Wiley, New York

Applica-3 S Mann, S Sbihli (2000) The Wireless Application Protocol Wiley, NewYork.

4 S Singhal, et al (2001) The Wireless Application Protocol Wesley, New York

Addison-5 J Schiller (2000) Mobile Communications Addison-Wesley, New York

6 U Hansmann, et al (2001) Pervasive Computing Handbook Springer, lin Heidelberg New York

Ber-7 C Sharma (2001) Wireless Internet Enterprise Applications Wiley, New York

8 Y.B Lin, I Chlamtac (2001) Wireless and Mobile Network Architectures.Wiley, New York

9 Dornan (2001) The Essential Guide to Wireless Communications cations Prentice-Hall, New York

Appli-10 T Dierks, C Allen (1999) The TLS Protocol Version 1.0 http://www.ietf.org/ rfc/rfc2246.txt